upstream: regress test for sshd_config Include directive; from Jakub
authordjm@openbsd.org <djm@openbsd.org>
Fri, 31 Jan 2020 23:25:08 +0000 (23:25 +0000)
committerDamien Miller <djm@mindrot.org>
Fri, 31 Jan 2020 23:28:33 +0000 (10:28 +1100)
Jelen

OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4

regress/Makefile
regress/servcfginclude.sh [new file with mode: 0644]
regress/test-exec.sh

index 34c47e8cbe64eccd81fe83ff118900b5ef9b86ac..774c10d41334fd1d33cebc9ff2f80e3b1dc24ec6 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $
+#      $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
 
 tests:         prep file-tests t-exec unit
 
@@ -87,6 +87,7 @@ LTESTS=       connect \
                principals-command \
                cert-file \
                cfginclude \
+               servcfginclude \
                allow-deny-users \
                authinfo \
                sshsig
@@ -122,7 +123,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
                ssh-rsa_oldfmt \
                ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
                ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
-               sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
+               sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
                sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
                t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
                t8.out t8.out.pub t9.out t9.out.pub testdata \
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
new file mode 100644 (file)
index 0000000..b25c8fa
--- /dev/null
@@ -0,0 +1,154 @@
+#      Placed in the Public Domain.
+
+tid="server config include"
+
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Match host a
+       Banner /aa
+
+Match host b
+       Banner /bb
+       Include $OBJ/sshd_config.i.*
+
+Match host c
+       Include $OBJ/sshd_config.i.*
+       Banner /cc
+
+Match host m
+       Include $OBJ/sshd_config.i.*
+
+Match Host d
+       Banner /dd
+
+Match Host e
+       Banner /ee
+       Include $OBJ/sshd_config.i.*
+
+Match Host f
+       Include $OBJ/sshd_config.i.*
+       Banner /ff
+
+Match Host n
+       Include $OBJ/sshd_config.i.*
+_EOF
+
+cat > $OBJ/sshd_config.i.0 << _EOF
+Match host xxxxxx
+_EOF
+
+cat > $OBJ/sshd_config.i.1 << _EOF
+Match host a
+       Banner /aaa
+
+Match host b
+       Banner /bbb
+
+Match host c
+       Banner /ccc
+
+Match Host d
+       Banner /ddd
+
+Match Host e
+       Banner /eee
+
+Match Host f
+       Banner /fff
+_EOF
+
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+       Banner /aaaa
+
+Match host b
+       Banner /bbbb
+
+Match host c
+       Banner /cccc
+
+Match Host d
+       Banner /dddd
+
+Match Host e
+       Banner /eeee
+
+Match Host f
+       Banner /ffff
+
+Match all
+       Banner /xxxx
+_EOF
+
+trial() {
+       _host="$1"
+       _exp="$2"
+       _desc="$3"
+       test -z "$_desc" && _desc="test match"
+       trace "$_desc host=$_host expect=$_exp"
+       ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+           -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
+               fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
+       _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
+       if test "x$_exp" != "x$_got" ; then
+               fail "$desc_ host $_host include fail: expected $_exp got $_got"
+       fi
+}
+
+trial a /aa
+trial b /bb
+trial c /ccc
+trial d /dd
+trial e /ee
+trial f /fff
+trial m /xxxx
+trial n /xxxx
+trial x none
+
+# Prepare an included config with an error.
+
+cat > $OBJ/sshd_config.i.3 << _EOF
+Banner xxxx
+       Junk
+_EOF
+
+trace "disallow invalid config host=a"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
+       fail "sshd include allowed invalid config"
+
+trace "disallow invalid config host=x"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+       fail "sshd include allowed invalid config"
+
+rm -f $OBJ/sshd_config.i.*
+
+# Ensure that a missing include is not fatal.
+cat > $OBJ/sshd_config.i << _EOF
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.*
+Banner /aa
+_EOF
+
+trial a /aa "missing include non-fatal"
+
+# Ensure that Match/Host in an included config does not affect parent.
+cat > $OBJ/sshd_config.i.x << _EOF
+Match host x
+_EOF
+
+trial a /aa "included file does not affect match state"
+
+# Ensure the empty include directive is not accepted
+cat > $OBJ/sshd_config.i.x << _EOF
+Include
+_EOF
+
+trace "disallow invalid with no argument"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
+       fail "sshd allowed Include with no argument"
+
+# cleanup
+rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
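Review bot: The failure message in `trial()` expands `$desc_`, which is never assigned, so a failing case is reported without its description; the line should read `fail "$_desc host $_host include fail: expected $_exp got $_got"`. Separately, the three negative checks ("disallow invalid config" for host=a and host=x, and "Include with no argument") run sshd with `-C` but without `-T`, unlike `trial()`, and send stderr to `/dev/null`. If sshd refuses `-C` outside test mode (I believe it does, but this should be confirmed against sshd.c), those commands exit non-zero whatever the Include parser does, so they could not catch a regression that accepts a malformed included file. Adding `-T` with stdout redirected to `/dev/null` would tie the exit status to config parsing alone.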
index 2c9c3f49809b72ba532b192f1d56e6ce0d31155e..f5e3ee6f53c5872eaa758ab78c8491b03ce87bdb 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: test-exec.sh,v 1.74 2020/01/25 02:57:53 dtucker Exp $
+#      $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
 #      Placed in the Public Domain.
 
 #SUDO=sudo
@@ -239,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
 
 chmod a+rx $OBJ/ssh-log-wrapper.sh
 REAL_SSH="$SSH"
+REAL_SSHD="$SSHD"
 SSH="$SSHLOGWRAP"
 
 # Some test data.  We make a copy because some tests will overwrite it.